[Snort-openappid] DetectorValidator not called on SSH

Costas Kleopa (ckleopa) ckleopa at ...5...
Tue Jun 9 14:12:19 EDT 2015


SSH connections are part of the C Detectors of the OpenAppID product, and those do not require the use of Lua/DetectorValidator.

Thanks
Costas

> On Jun 8, 2015, at 1:27 PM, Peter Hansen <pch66 at ...89...> wrote:
> 
> Hello,
> 
> I am attempting to log IP addresses and ports for connections on an app by app basis, and I am having some trouble doing this using the DetectorValidator. I note that the documentation does not call the function for HTTP, SSL, and SIP connections, but as far as I can tell it is also not being called for SSH connections. Does anyone have guidance on this? 
> 
> Thank you,
> Peter Hansen
> ------------------------------------------------------------------------------
> _______________________________________________
> Snort-openappid mailing list
> Snort-openappid at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-openappid
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!





More information about the Snort-openappid mailing list